| Class | RADUM::Group |
| In: |
lib/radum/group.rb
|
| Parent: | Object |
The Group class represents a standard Windows group.
| container | [R] | The Container object the Group or UNIXGroup belongs to. |
| distinguished_name | [R] | The LDAP distinguishedName attribute for this Group or UNIXGroup. |
| groups | [R] | The Group or UNIXGroup objects that are members of the Group or UNIXGroup. |
| name | [R] | The String representation of the Group or UNIXGroup name. This is similar to a User or UNIXUser username in that it does not contain any LDAP path components. This corresponds to the LDAP cn, msSFU30Name, name, and sAMAccountName attributes. |
| removed_groups | [R] | An array of Group or UNIXGroup objects removed from the Group or UNIXGroup. |
| removed_users | [R] | An array of User or UNIXUser objects removed from the Group or UNIXGroup. |
| rid | [R] | The RID of the Group or UNIXGroup object. This correponds to part of the LDAP objectSid attribute. This is set when the Group or UNIXGroup is loaded by AD#load from the AD object the Container belongs to. This attribute should not be specified in the Group.new or UNIXGroup.new methods when creating a new Group or UNIXGroup by hand. |
| type | [R] | The RADUM group type of the Group or UNIXGroup. This corresponds to the LDAP groupType attribute. This defaults to GROUP_GLOBAL_SECURITY when a Group or UNIXGroup is created using Group.new or UNIXGroup.new, but it is set to the correct value when a Group or UNIXGroup is loaded by AD#load from the AD object the Container belongs to. |
| users | [R] | The User or UNIXUser objects the Group or UNIXGroup has a members. User and UNIXUser objects are implicit members of their primary_group as well, but they are not added to the users array directly. This matches the implicit membership in the primary Windows group in Active Directory. |
Create a new Group object that represents a Windows group in Active Directory. This method takes a Hash containing arguments, some of which are required and others optional. The supported arguments follow:
The :name argument (case-insensitive) and the :rid argument must be unique in the AD object, otherwise a RuntimeError is raised. The :name argument has leading and trailing white space removed. The :type argument must be one of the RADUM group type constants. The :rid argument should not be set directly except from the AD#load method itself. The Group object automatically adds itself to the Container object specified by the :container argument.
# File lib/radum/group.rb, line 61
61: def initialize(args = {})
62: @rid = args[:rid] || nil
63: @container = args[:container] or raise "Group :container argument" +
64: " required."
65:
66: # The RID must be unique.
67: if @container.directory.rids.include?(@rid)
68: raise "RID #{rid} is already in use in the directory."
69: end
70:
71: @name = args[:name] or raise "Group :name argument required."
72: @name.strip!
73:
74: # The group name (like a user) must be unique (case-insensitive). This
75: # is needed in case someone tries to make the same group name in two
76: # different containers.
77: if @container.directory.find_group_by_name(@name)
78: raise "Group is already in the directory."
79: end
80:
81: @type = args[:type] || GROUP_GLOBAL_SECURITY
82: @distinguished_name = "cn=" + @name + "," + @container.name + "," +
83: @container.directory.root
84: @users = []
85: @removed_users = []
86: @groups = []
87: @removed_groups = []
88: # This has to be set first before adding the Group to the Container. This
89: # is delayed for a UNIXGroup because it needs the rest of its attributes
90: # set before adding to the Container.
91: @removed = false
92: @container.add_group self unless instance_of?(UNIXGroup)
93: @modified = true
94: @loaded = false
95: end
Make the Group or UNIXGroup given as the argument a member of this Group or UNIXGroup. This represents the LDAP member attribute for the Group or UNIXGroup. A RuntimeError is raised if the Group or UNIXGroup is the same as the current Group or UNIXGroup (cannot be a member of itself) or the Group or UNIXGroup is not in the same AD object. A RuntimeError is raised if the Group or UNIXGroup has been removed.
# File lib/radum/group.rb, line 196
196: def add_group(group)
197: if group.removed?
198: raise "Cannot add a removed group."
199: end
200:
201: unless @container.directory == group.container.directory
202: raise "Group must be in the same directory."
203: end
204:
205: if self == group
206: raise "A group cannot have itself as a member."
207: end
208:
209: @groups.push group unless @groups.include?(group)
210: @removed_groups.delete group
211: @modified = true
212: end
Make the User or UNIXUser a member of the Group or UNIXGroup. This represents the LDAP member attribute for the Group or UNIXGroup. A User or UNIXUser is listed in the Group or UNIXGroup object‘s LDAP member attribute unless it is their primary_group. In that case, the User or UNIXUser object‘s LDAP primaryGroupID attribute is used (which contains the RID of that Group or UNIXGroup - the Group or UNIXGroup does not list the User or UNIXUser in its LDAP member attribute, hence the logic in the code). The unix_main_group for UNIXUsers has the UNIXUser as a member in a similar way based on the LDAP gidNumber attribute for the UNIXUser. The UNIXGroup object‘s LDAP memberUid and msSFU30PosixMember attributes do not list the UNIXUser as a member of the UNIXGroup is their unix_main_group, but this module makes sure the UNIXUsers are also members of their unix_main_group from the Windows perspective. A RuntimeError is raised if the User or UNIXUser already has this Group or UNIXGroup as their primary_group or if the Group or UNIXGroup is not in the same AD object. A RuntimeError is raised if the User or UNIXUser has been removed.
This automatically adds the Group or UNIXGroup to the User or UNIXUser object‘s list of groups.
# File lib/radum/group.rb, line 121
121: def add_user(user)
122: if user.removed?
123: raise "Cannot add a removed user."
124: end
125:
126: if @container.directory == user.container.directory
127: unless self == user.primary_group
128: @users.push user unless @users.include?(user)
129: @removed_users.delete user
130: user.add_group self unless user.groups.include?(self)
131: @modified = true
132: else
133: raise "Group is already the user's primary_group."
134: end
135: else
136: raise "User must be in the same directory."
137: end
138: end
Determine if this Group or UNIXGroup is a member of the Group or UNIXGroup given as the argument.
# File lib/radum/group.rb, line 178
178: def member_of?(group)
179: # Memberships are already removed from removed groups. We have to check
180: # the group passed in since groups are only tracking things they contain.
181: # This method for User and UNIXUser objects can just check their own
182: # groups array, but that's not possible here obviously.
183: group.groups.include? self
184: end
Remove the Group or UNIXGroup membership in the Group or UNIXGroup. A RuntimeError is raised if the Group or UNIXGroup has been removed. Any external references to the Group or UNIXGroup should be discarded.
# File lib/radum/group.rb, line 221
221: def remove_group(group)
222: if group.removed?
223: raise "Cannot remove a removed group."
224: end
225:
226: @groups.delete group
227: @removed_groups.push group unless @removed_groups.include?(group)
228: @modified = true
229: end
Remove the User or UNIXUser membership in the Group. This automatically removes the Group from the User or UNIXUser object‘s list of groups. A RuntimeError is raised if the User or UNIXUser has been removed. Any external references to the User or UNIXUser should be discarded.
# File lib/radum/group.rb, line 148
148: def remove_user(user)
149: if user.removed?
150: raise "Cannot remove a removed user."
151: end
152:
153: @users.delete user
154: @removed_users.push user unless @removed_users.include?(user)
155: user.remove_group self if user.groups.include?(self)
156: @modified = true
157: end